GLSA 200802-06: scponly: Multiple vulnerabilities
| Severity: | normal |
| Title: | scponly: Multiple vulnerabilities |
| Date: | 02/12/2008 |
| Bugs: | , |
| ID: | 200802-06 |
Synopsis
Multiple vulnerabilities in scponly allow authenticated users to bypass security restrictions.Background
scponly is a shell for restricting user access to file transfer only using sftp and scp.
Affected packages
| Package | Vulnerable | Unaffected | Architecture(s) |
|---|---|---|---|
| net-misc/scponly | < 4.8 | >= 4.8 | All supported architectures |
Description
Joachim Breitner reported that Subversion and rsync support invokes subcommands in an insecure manner (CVE-2007-6350). It has also been discovered that scponly does not filter the -o and -F options to the scp executable (CVE-2007-6415).
Impact
A local attacker could exploit these vulnerabilities to elevate privileges and execute arbitrary commands on the vulnerable host.
Workaround
There is no known workaround at this time.
Resolution
All scponly users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=net-misc/scponly-4.8"
Due to the design of scponly's Subversion support, security restrictions can still be circumvented. Please read carefully the SECURITY file included in the package.
References
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2010 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.